Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6856 matches found

ATTACKERKB
ATTACKERKBadded 2026/03/31 3:6 p.m.2 views

CVE-2026-34573

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.68 and 9.7.0-alpha.12, the GraphQL query complexity validator can be exploited to cause a denial-of-service by sending a crafted query with binary fan-out fragment spreads...

8.2CVSS5.7AI score0.00019EPSS
Exploits0References6Affected Software1
CVE
CVEadded 2026/03/31 2:42 p.m.9 views

CVE-2026-34532

Parse Server vulnerability CVE-2026-34532: An attacker could bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud Function handler uses the function keyword and its validator is a plain object or arrow function, the tri...

9.1CVSS5.7AI score0.00043EPSS
Exploits0References5Affected Software1
Cvelist
Cvelistadded 2026/03/31 2:42 p.m.18 views

CVE-2026-34532 Parse Server: Cloud function validator bypass via prototype chain traversal

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud...

9.1CVSS0.00043EPSS
Exploits0References5
OSV
OSVadded 2026/03/31 2:42 p.m.3 views

CVE-2026-34532 Parse Server: Cloud function validator bypass via prototype chain traversal

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud...

9.1CVSS5.8AI score0.00043EPSS
Exploits0References7
ATTACKERKB
ATTACKERKBadded 2026/03/31 2:42 p.m.1 views

CVE-2026-34532

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud...

9.1CVSS5.7AI score0.00043EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/31 2:42 p.m.1 views

CVE-2026-34532 Parse Server: Cloud function validator bypass via prototype chain traversal

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud...

9.1CVSS5.7AI score0.00043EPSS
Exploits0References5
EUVD
EUVDadded 2026/03/31 2:42 p.m.1 views

EUVD-2026-17473

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud...

9.1CVSS5.7AI score0.00043EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/03/31 2:38 p.m.0 views

CVE-2026-34373

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.66 and 9.7.0-alpha.10, the GraphQL API endpoint does not respect the allowOrigin server option and unconditionally allows cross-origin requests from any website. This...

5.3CVSS5.7AI score0.00021EPSS
Exploits0References6Affected Software1
CVE
CVEadded 2026/03/31 2:38 p.m.5 views

CVE-2026-34373

The connected GitHub advisory GHSA-q3P6-G7C4-829C describes a CORS misconfiguration in the Parse Server GraphQL API endpoint: it ignores allowOrigin restrictions and allows cross-origin requests from any site, while the REST API correctly enforces them. Patches align the GraphQL endpoint with the...

8.8CVSS5.7AI score0.00021EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/31 2:38 p.m.1 views

CVE-2026-34373 Parse Server: GraphQL API endpoint ignores CORS origin restriction

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.66 and 9.7.0-alpha.10, the GraphQL API endpoint does not respect the allowOrigin server option and unconditionally allows cross-origin requests from any website. This...

5.3CVSS5.7AI score0.00021EPSS
Exploits0References5
OSV
OSVadded 2026/03/31 2:38 p.m.1 views

CVE-2026-34373 Parse Server: GraphQL API endpoint ignores CORS origin restriction

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.66 and 9.7.0-alpha.10, the GraphQL API endpoint does not respect the allowOrigin server option and unconditionally allows cross-origin requests from any website. This...

5.3CVSS5.7AI score0.00021EPSS
Exploits0References7
Cvelist
Cvelistadded 2026/03/31 2:38 p.m.20 views

CVE-2026-34373 Parse Server: GraphQL API endpoint ignores CORS origin restriction

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.66 and 9.7.0-alpha.10, the GraphQL API endpoint does not respect the allowOrigin server option and unconditionally allows cross-origin requests from any website. This...

5.3CVSS0.00021EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/03/31 2:35 p.m.2 views

CVE-2026-34363

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.65 and 9.7.0-alpha.9, when multiple clients subscribe to the same class via LiveQuery, the event handlers process each subscriber concurrently using shared mutable objects...

8.2CVSS5.8AI score0.00023EPSS
Exploits0References6Affected Software1
CVE
CVEadded 2026/03/31 2:35 p.m.4 views

CVE-2026-34363

The CVE entry maps to a Parse Server LiveQuery vulnerability (prote cted fields/afterEvent triggers) where multiple subscribers sharing a class could see leaked or incomplete data due to in-place edits of shared mutable objects by the sensitive data filter. The root cause is shared mutable state ...

8.2CVSS5.8AI score0.00023EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/31 2:35 p.m.1 views

CVE-2026-34363 Parse Server: LiveQuery protected field leak via shared mutable state across concurrent subscribers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.65 and 9.7.0-alpha.9, when multiple clients subscribe to the same class via LiveQuery, the event handlers process each subscriber concurrently using shared mutable objects...

8.2CVSS5.8AI score0.00023EPSS
Exploits0References5
CVE
CVEadded 2026/03/31 2:25 p.m.7 views

CVE-2026-34224

CVE-2026-34224 affects Parse Server (Node.js backend). A flaw in the authData login flow lets an attacker with a valid provider token and a single MFA recovery code or SMS OTP create multiple authenticated sessions by issuing concurrent login requests, defeating the single-use MFA guarantee and p...

4.4CVSS5.8AI score0.00018EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/31 2:25 p.m.2 views

CVE-2026-34224

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8, an attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple...

2.1CVSS5.8AI score0.00018EPSS
Exploits0References6Affected Software1
Cvelist
Cvelistadded 2026/03/31 2:25 p.m.18 views

CVE-2026-34224 Parse Server: MFA single-use token bypass via concurrent authData login requests

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8, an attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple...

2.1CVSS0.00018EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/03/31 2:25 p.m.0 views

CVE-2026-34224 Parse Server: MFA single-use token bypass via concurrent authData login requests

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8, an attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple...

2.1CVSS5.8AI score0.00018EPSS
Exploits0References5
OSV
OSVadded 2026/03/31 2:25 p.m.2 views

CVE-2026-34224 Parse Server: MFA single-use token bypass via concurrent authData login requests

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8, an attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple...

2.1CVSS5.8AI score0.00018EPSS
Exploits0References7
Rows per page
Query Builder